Ethical dilemmas often happen when two or more ethical issues urge contradictory actions. If you were working on software that managed an elevator or a car, how would you resolve any concerns about safety if you had signed a non-disclosure agreement (NDA)? You need to protect the public good, but you must maintain confidentiality. You need a framework for ethical decision making.
The best thing you can do is find a peer or co-worker to talk to. If they are a member of CIPS, they will help you step through section 4: The Process of Ethical Decision-Making in the CIPS document “Understanding the Code of Ethics”. Similar procedures are described by such groups as the Markkula Center for Applied Ethics.
• You start the process by identifying the key ethical issues in the situation.
If the software has been tested and some rare test case might cause a safety issue, do you have a responsibility to ensure that accident does not happen? Yes. The company has pressure to approve use in a timely fashion. They need the IT professionals to make an objective decision with public safety as their main mandate. And they need us to stick to it. But if you signed an NDA, you cannot legally take safety concerns to a newspaper or ombudsman. Even if you want to ignore an NDA, you still owe your client their confidentiality.
• Next: Identify what ethical imperatives are relevant to the situation
For this you need a framework of ethical statements or a code of ethics so you can test if any of them need to be considered in this decision. In this case you already know that you want to protect the public good, and you have a confidentiality concern. Those are two of the ethical imperatives in the CIPS code of ethics. We can read the related material and see that the confidentiality applies “without any express request or stipulation on the client’s part”, and that protecting the public “must prevail when there is conflict with other obligations.”
• Determine what ethical principles are of major importance to the situation and begin to implement some possible action by
-generating alternatives and examining the risks and benefits of each
– securing additional information
– consulting with colleagues, the CIPS Registrar, or with other appropriate sources
– examining the probable outcomes of various courses of action
In this case, perhaps with more testing the safety concern can be ruled out or corrected. Do you know the actual odds of this case happening? You want to be very sure your concern is valid. Do your colleagues know what would be required to do the extra testing? If you threaten to quit, would the company take this issue more seriously?
• Reflection (include in decision making process the feelings and intuitions evoked by ethical challenges)
Ethics are not necessarily easy, but you need to ask yourself how you would feel about various actions and outcomes. Do you really feel you could quit if they ignore your ultimatum? If no action is taken, how long will this bother you? Is there anyone at the company that you would feel comfortable about talking to that you have not already contacted?
• Determine action plan
You need to decide. Perhaps you know enough now to compile a good test plan on your own time? And have you thought of someone you can approach to make a pitch that they extend the project to include this work? Often the key to these dilemmas is to continue to work the “in between” options so neither imperative is broken and no extreme action is necessary.
• Take action (follow a concrete action plan, evaluate the plan, and be prepared to correct any negative consequences that might occur from the action taken).
In this case, the key is to hold to your ethical values and not give up on ensuring the public is safe. Don’t just feel uncomfortable, take action. If one person will not approve the testing or fix the bug, consider asking their boss. Ensure you emphasize that you are trying to help. Explain the pain that you see happening. Get help from co-workers to ensure the best discussions happen. You don’t help the public by taking yourself out of the equation.
Only as a final resort, investigate if there is a “whistle blower” process for this organization. It will give them one last chance to fix the problem themselves.